Skip to content
Permalink
Browse files

patch 8.1.1365: source command doesn't check for the sandbox

Problem:    Source command doesn't check for the sandbox. (Armin Razmjou)
Solution:   Check for the sandbox when sourcing a file.
  • Loading branch information...
brammool committed May 22, 2019
1 parent 5c017b2 commit 53575521406739cf20bbe4e384d88e7dca11f040
Showing with 17 additions and 0 deletions.
  1. +6 −0 src/getchar.c
  2. +9 −0 src/testdir/test_source.vim
  3. +2 −0 src/version.c
@@ -1407,6 +1407,12 @@ openscript(
emsg(_(e_nesting));
return;
}

// Disallow sourcing a file in the sandbox, the commands would be executed
// later, possibly outside of the sandbox.
if (check_secure())
return;

#ifdef FEAT_EVAL
if (ignore_script)
/* Not reading from script, also don't open one. Warning message? */
@@ -36,3 +36,12 @@ func Test_source_cmd()
au! SourcePre
au! SourcePost
endfunc

func Test_source_sandbox()
new
call writefile(["Ohello\<Esc>"], 'Xsourcehello')
source! Xsourcehello | echo
call assert_equal('hello', getline(1))
call assert_fails('sandbox source! Xsourcehello', 'E48:')
bwipe!
endfunc
@@ -767,6 +767,8 @@ static char *(features[]) =

static int included_patches[] =
{ /* Add new patch number below this line */
/**/
1365,
/**/
1364,
/**/

0 comments on commit 5357552

Please sign in to comment.
You can’t perform that action at this time.